Exterminate It! Antimalware

malpedia

Known threats:699,742 Last Update:October 27, 11:19

Testimonials

I have had major computer issues in the last week. I was infected with the Darksma and Vundo downloader trojans. After researching the net for possible solutions, i found they are extremely difficult to remove. I tried a variety of spyware removal tools to no avail. To do it manually is near on impossible.
The symptoms are, computer runs slow, constant ad pop ups, hijacking of emails, theft of information and locking of a variety of functions.
I then found buried deep in a google search a link to Exterminate It. After reading it, I downloaded to do a free scan and a lot of stuff no other spyware had found showed up. So i went searching the locations and sure enough the files where there on my system. I tried removing them with no luck. So i spent the $25 usa to activate.
http://www.exterminate-it.com/
It removed all but 4. I was disappointed that the Trojans once again reloaded and my problems continued. So, i used the SUBMIT STATE service. I supplied all the info i could gather, pop up addys and what they were for , what others programs had found and Exterminate had missed etc. Within 24 hours i received and email telling me they had updated there system and to download it. I rescanned the system and it deleted all the previous locked files.
Darksma and Vundo downloader trojans have not done their re appearing act since and my comp is running normal again.

It's worth remembering the addy or downloading it to see what it finds. I had no problems doing so in anyway with this program. They done what they said they would on there web site in under the time frame.

Source

Administrator of Horse Racing Forums

File: v9.xml

Location of v9.xml and Associated Malware

Check whether v9.xml is present in the following locations:

v9.xml file locations that are Windows version independent:

  • C:\Program Files\Mozilla Firefox\browser\searchPlugins\v9.xml
  • C:\Program Files\Mozilla Firefox\searchPlugins\v9.xml
  • [%PROGRAM_FILESX86%]\Mozilla Firefox\searchPlugins\v9.xml

Windows 2000, Windows XP, Windows Server 2003 specific v9.xml file locations:

  • C:\Documents And Settings\USER_NAME\Application Data\mozilla\firefox\profiles\[%PROFILE_FOLDER%]\SearchPlugins\V9.xml

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific v9.xml file locations:

  • C:\Users\USER_NAME\AppData\Roaming\mozilla\firefox\profiles\[%PROFILE_FOLDER%]\SearchPlugins\V9.xml

If you find v9.xml file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The v9.xml file is associated with malware only if found in the locations listed above.

Notes:

Different Variations of v9.xml File^

File SizeFile Md5Last Seen
805BF9D33356806B75D704E45975A3EA265Feb 15, 2014
73401A26A2A507D6F36A40CBF5942F6C106Feb 19, 2014
8163760BFE2B6102E87DF3346454A5C3CF3Mar 7, 2014
5451ED60807B35F0DEDA2AE4A2683618E42Apr 12, 2014
54730A82A67D993118C54FC74E5CF91C73CApr 27, 2014
541857C88F452CB652733E668FAC69CDD07May 7, 2014
540C283DD815820565D93F7A659E32F5A77May 18, 2014
806CCC5861E1C4F230D4A9756D7FE59C963May 20, 2014
534894E8F5551D9E8E71C9FDAC293331D26Jun 6, 2014
535AFF06A0DF5FC49EA4B36699839495ABEJun 9, 2014
54572A422DB6596B78E74F6B98F650FD874Jun 14, 2014
5457F38045D4C41B4127512A5D96F09B667Jun 22, 2014
542986ACFD7E8DDA84E063062289F2BFE65Jul 6, 2014
54567A4495A843DB30CB14774BBBC9A56B9Jul 10, 2014
53553B1B95B81DCBA34FAE40FC975EE26F1Jul 25, 2014
529538B32B4455EE925291CE09F5A6C2917Aug 12, 2014
534452001AC06BDB167E58F2456D41A0CF5Aug 16, 2014
52229732516654C321ECAAFA1E71325949CAug 26, 2014
5461A5E6DD63814D3E571732E6F8A2E7168Aug 30, 2014
5430251A8DDF87F470550C0D4A6949E2695Sep 4, 2014
52848A6C5CA60B7A8DE0C0E46BEED6D13F9Sep 6, 2014
52964556DD0F1A4284311738C57F22D1851Nov 16, 2014
535ADECD28BFF4589FC379D8AFC4ADB1826May 21, 2015
805A513CD5A5BDAE3EC4751CF2F2B5BEFCDFeb 27, 2016
7307F343186F922012DD8D072C988A611CCMay 28, 2016
545CE46DD4BDA9F08EC984B672987E54831Oct 24, 2016
570BCD8087CC84727FF89D024AC65FE5D60Jan 3, 2017
806E5660B3A5F236A448588F745D60ACF77Feb 16, 2017
548F9916EDDFE9171559CE98A8C37DDA09CJul 2, 2014
546F79039D937BD0CDFD670C629E06792C0Sep 18, 2014
7304864662418C79167147EFA76446249E4Oct 22, 2014
72636AFA9A5A7AD46FCEE1740616B685A23Nov 11, 2014
736AD5C8A1C4993F3FB036A5E46517562CEDec 19, 2014
24156F5A12F2DEC12CA8A4E348E1088ECA95Dec 23, 2014
7187C93920D03B933ED666C3FA665D7D78DJul 7, 2015
7236527680887B37A7180B33461E8C893C5Aug 2, 2015
402538BB8087DD70DBF0CC6BA9B12AB073BDec 12, 2018
5272A8B900ED195C0834E8D474BF48D7522Aug 13, 2016
529F05033CF6006CE16F54A728DC7BEF1CFSep 16, 2016
2424D13455CBE300A7CCC0732359BC7A5950Apr 21, 2017
2199F6511E38CDC434E8E7884C31AE41D919Jul 24, 2014
2367D2ECE91E39DA03DEA08D9D35B5F4473CFeb 3, 2015
2344259B7BF6D5328B9DB31D0BBB695FD870Mar 2, 2015
2367B651D8DEE363F6847E3FE1F48F9D9629Mar 9, 2015
2357D7EA042BF9487CF4E932BE51F2240DC7Mar 29, 2015
23784FE6C1D1EEEFD0CEB1790655800D95B1Apr 22, 2015
2370E5960E290DDF5075590CFE04A1EC90C2May 7, 2015
754F9C3F6F978DA5A842A92EFD8C43A7B17May 7, 2015
231190367B889E1D8E4EDF8A9A0BCC459A51Jun 15, 2015
23716EC4F93F26BB027ED276DAAFEB45CBB8Jul 8, 2015
738A1E030C39D382A6A072DDF3932F2C037Jul 20, 2015
2350CB9D4277F53600F3B1E14FF6833C1FC7Aug 12, 2015
2366661A071983D93F23192613798A2BA065Aug 17, 2015
737F30D3C9327A9960EE6A5622CCB71FC74Sep 8, 2015
23573996AC8133040A33CBF32EC01802FEC1Sep 15, 2015
236470BAAB9E2C576F096D48BA993258A5A8Sep 18, 2015
743EE038FB6AA2FE8BC613CCB4870318878Sep 23, 2015
2365F282490AE6C6AD2D05A7C23D79C08115Oct 7, 2015
72853C5708848616D0F5DD93067526FF577Oct 7, 2015
731618D5A49E6251BEE9BFBE75C474C1DA4Oct 7, 2015
23755C890C02C400899F4E84794E59644FAAOct 14, 2015
736D984C4F6E5E05585347DDCF138137C86Nov 8, 2015
6382807BDAE4B2A038FE8F7FC4CB9D8F6C1Nov 17, 2015
7376FEBA670F4828D6E3C288B9CC0A3DD38Nov 20, 2015
23479F300854BB030C6F41EC4F1A74AC5FCADec 16, 2015
23610DED53BC168993D0F4A168C1AA493805Dec 25, 2015
743354CD972E305F1E7B0E961FB66F573ABDec 28, 2015
23848F2C8C03D61B4B2A3B6B041F4E3A29E6Jan 1, 2016
730A21CDB0ECB24DE5DAE0ADF61120F22CDJan 4, 2016
727E45E51C14C9458A7B0DAC81E5D98A3CDJan 20, 2016
23537A5BB09B2D36B3C214B27F2F6906EF06Jan 20, 2016
237584421AFE098E1A3A72877216835548B1Feb 2, 2016
2344B6D36F041135DF1C5092B452CFB09C66Feb 7, 2016
237573D83BA894F586C764FB308A587B60F0Feb 14, 2016
23886D98B3573507C33775B732EDEA7E2609Mar 31, 2016
2375C95D5B33D5869BC8D2DA5345D9B1EEA9Apr 8, 2016
2357E86EA11D53291859D4B70144E6CE6DACApr 16, 2016
437628FB79922B4C04CE25E9DDE05DEAD458Apr 27, 2016
2323FD42CFFA7D391FE3F2AFC20248C25AFFMay 7, 2016
23621CD808254898CE206781AFD93742AF19May 17, 2016
23456EDA0A0FBA4534A2845D97DD49A07336May 18, 2016
2345B6C4C897B808F3E44C433BC4AF915CE8May 19, 2016
23817ABD73CCFAA9984C3B09F48D786C109DMay 23, 2016
2384E38E44896D39A05BA6741CBDB19FA29FMay 24, 2016
236440027D0EAD55AE6EFC92076503FA88B3May 28, 2016
2059154511FDE4C9EB03F7EBAB23E79FF2A0May 29, 2016
2355978D88A60E9566150906F8ED2B239A97Jun 9, 2016
23386344E0AC496274B55AE496ED870F7503Jun 17, 2016
20092F55C5DB2EFB50363C4C140D35385F72Jun 20, 2016
7439B3CAAE15B7E9D43C9353B348D2619BCJun 29, 2016
2386330D7813FFD4DD0814C9FA021D71EF6AJul 26, 2016
718A20C5EDFEE56A4B916C9C3669A83D0AEAug 4, 2016
7380E2478EF4A82E80547F5FF89D1A84405Sep 5, 2016
2363641E71BBD7E65AC9E6CD6D9A1F04829DSep 15, 2016
23451B4C7C402C3B6FBD911AD451478A0E2EOct 18, 2016
2360A90DA590E4FC5063C6EC2EC701325370Oct 23, 2016
1932DCB0EEFE660344525E8F56B14544F343Nov 14, 2016
234094DE39B2199A9DFDCC46D890DC5A4B81Nov 28, 2016
2367655BFCEB1327F3B49FC0DE753AE1B277Dec 15, 2016
2365B0D12E36A9A39D07159E34D7296AC4B3Dec 21, 2016
23420998D6817919CDE531FF482150E21D4FJan 11, 2017
23455A3DF93ED0E33D9FC2B1019FB1846DC9Jan 20, 2017
228990A86B83B9E5A6BABDE3B024F0FB121AJan 30, 2017
2361FD0E4AD4636703D0B0B37CC3090A7CDDFeb 1, 2017
2367DAFFDA09E64E576503558027BA1CE067Apr 12, 2017
2369E447BAD627AE73BCBF8BF74DC9C06E31Apr 14, 2017
23504673768E395B48EC840066296AAAC8E5Apr 19, 2017
2356AFC6018EB6580C83D2C59CCF23F3EAC4Apr 29, 2017
2320C55F646D1A682489B00F61417EBEF0B9May 18, 2017
236300ED81698F262143923468A94DD432DBMay 21, 2017
236968589FC0D967FB084A8334BD3A672978Jun 2, 2017
73805C7DD2BBF9A2AD599032F1A9373F541Jun 7, 2017
4036E556C34A7DE290E15B330E46CFA9196Jun 19, 2017

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove v9.xml^

  1. To enable deleting the v9.xml file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select v9.xml and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of v9.xml and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of v9.xml and Associated Malware.
  6. Notes:

    • The deletion of v9.xml will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of v9.xml will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a v9.xml malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type v9.xml. The name of the first found registry value referencing v9.xml is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to v9.xml, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of v9.xml and Associated Malware.